Managing SecurID
SecurID Realms
SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics.
If a SecurID card is in a new PIN mode and the new PIN is coming from the access server, the new pin is displayed for 10 seconds and then erased.
Minimal Setup for SecurIDThe minimal configuration requires the following commands to set up the remote ports used for communication with SecurID. These features must be assigned in order for any communication with SecurID or SecurID accounting to take place.
∙The following example shows the command used to set up SecurID security:
LOCAL> CHANGE SECURID REALM
∙This command defines and initializes a new SecurID realm:
LOCAL> CHANGE SECURID REALM JONAS.COM AUTHEN HOST
The commands in the following example can be used to configure additional security parameters for SecurID. The commands in these examples will define a SecurID accounting node, define the maximum timeout period for SecurID reply, and define the interval between retries of an authentication request.
Local> CHANGE SECURID TIMEOUT seconds
This command defines the maximum timeout for SecurID reply.
Local> CHANGE SECURID INTERVAL seconds
Local> CHANGE SECURID REALM
This command causes the realm name to be included as part of a user name sent to SecurID. Realm name inclusion is used for SecurID proxy authentication service. See the Network Access Server Command Reference for more information on this command.